An individual almost but not quite entirely unlike Richard Martin wrote:
They've forced a major company (they don't come much more major than IBM) to ship a product which actually helps them in both aspects of their mandate. Communications interception of foreign industries' groupware is now easier for the U.S. than for any other country, while (and this must be granted) the communications security of American industries will be somewhat improved by this move.
But how does this affect the use of Notes for US companies with foreign offices? If foreign offices are required to use the "export version" (which IS supposedly interoperable with the domestic version), then Notes use between a foreign office and US office will have a 40 bit key as far as the government is concerned. This assumption may be incorrect, but until I know what the effective key size is as seen by the government when the export and domestic versions communicate, I have to assume that the export version will have to dominate the effective key length. In other words, the domestic version will be able to handle and generate keys with the 24 government accesible bits, but naturally, keys generated by the domestic version will not be usable by the export version. Are US businesses willing to swallow this when the use is purely internal to the company? Does the national security argument hold up in this situation? This really does so little to improve the security situation that I can see why Mr. Ozzie is not comfortable with this compromise as anything but a short-term solution. I hope his statement is sincere. I'm asking a lot of questions at this point because my own opinions are not fully formed on all of the relevant issues. --- Paul M. Cardon System Officer - Capital Markets Systems First Chicago NBD Corporation (for whom I do not opine) MD5 (/dev/null) = d41d8cd98f00b204e9800998ecf8427e